Full Disclosure mailing list archives

Re: Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability.


From: "Lise Moorveld" <lise_moorveld () hotmail com>
Date: Fri, 11 Mar 2005 11:46:16 +0100

Hi,

Well, technically these would be separate vulnerabilities, wouldn't you say?
Could you perhaps share a bit more information about which headers work well in circumventing which AV products?

-- Lise

get the new updates at,
http://www.geocities.com/visitbipin/crc.html

strangely, after modifying other general purpose bit
flag in the zip header like, compression method, last
mod file time, last mod file date, file name
length, extra field length... [NOT: compressed size, uncompressed size which was
pointed out by iDEFENSE before]

strangely I found some other AV prone to the BUG.


